Traditionally, network level identifiers (World Wide Names, MAC addresses, etc.) are used in networks to identify and direct traffic. However, because network level identifiers are often spoofable, this becomes a problem when using such identifiers in a manner which affects security (such as who has access to what resources on the network). Spoofing is particularly problematic for storage area networks (SANs), which are traditionally viewed as large zones of trust.
A network device on the edge of a SAN network (or other network) typically identifies sources of traffic based on the entry point into the SAN, unfortunately, that source information is then lost as traffic is routed through the SAN to it's eventual destination. All that is left to identify the source of traffic is the network level identifiers (World Wide Name, etc.). Without the information about the entry point of traffic into a SAN network, node devices can't tell for sure if the traffic they are seeing is really traffic from host A, which came in to the network from where host A is connected, or simply traffic identified as from host A, but which really entered the SAN from another place, or was injected by hostile activity.
Accordingly, it is desirable to provide network security devices and methods that help prevent traffic spoofing and which maintain information that identifies the source of traffic.